Always Encrypted SQL 2016 and Entity Framework 6: “Operand type clash: datetime2 is incompatible with date”

Question

Current project:

• MVC 5.2
• DotNet 4.6.2
• EF 6
• Identity 2 (modified as per the repository pattern below)
• SQL Server 2016 RTM
• Repository Pattern: Persistence-Ignorant ASP.NET Identity
• Always Encrypted column encryption as described here and here
• All SQL as MapToStoredProcedures(); in EntityTypeConfiguration

Unlike the repository pattern tutorial, I was able to push my model to DB. I am not working off of a hand-assembled DB. I did modify the migration as per the two SQL statements in second Always Encrypted link, not surprising also for a birthdate and a Social Security Number.

Because my Entity Framework entities specifies the encrypted fields as such,

Property(x => x.Dob).HasColumnOrder(15).HasColumnName("Dob").HasColumnType("Date").IsRequired();
Property(x => x.Sin).HasColumnOrder(16).HasColumnName("Sin").HasColumnType("nvarchar").HasMaxLength(11).IsRequired();

I have decorated those two fields in my User domain entity in the following way:

[DataType(DataType.Date)]
public DateTime Dob { get; set; }
[MaxLength(11)]
public string Sin { get; set; }

as per this comment . As a precaution, I have also decorated the same fields in my IdentityUser.cs file.

When I try to push the default administrative user I am trying to create, using this:

public async Task<ActionResult> AddAdmin() {
  var user = _userManager.FindByName("email@domain.net");
  if(user == null) {
    user = new IdentityUser() {
      // Other fields
      Dob = new DateTime(1972, 10, 12),
      Sin = "726-261-050",
      // Other fields
    };
    var createUser = await _userManager.CreateAsync(user, "password");
    if (createUser.Succeeded) {
      var userId = _userManager.FindByName("email@domain.net").Id;
      var addRole = await _userManager.AddToRoleAsync(userId, "Admin");
      if (addRole.Succeeded) {
        return View("Index");
      }
    }
  }
}

I get the following error:

Operand type clash: datetime2(7) encrypted with (encryption_type = 'RANDOMIZED', encryption_algorithm_name = 'AEAD_AES_256_CBC_HMAC_SHA_256', column_encryption_key_name = 'CEK1', column_encryption_key_database_name = 'database') is incompatible with date encrypted with (encryption_type = 'RANDOMIZED', encryption_algorithm_name = 'AEAD_AES_256_CBC_HMAC_SHA_256', column_encryption_key_name = 'CEK1', column_encryption_key_database_name = 'database')

which occurs at the _userManager.CreateAsync() .

I am completely at a loss as to why this is happening. I have clearly specified Dob in IdentityUser() as a Date field, and not DateTime2 . The same goes for the raw User model/domain and its associated EF entity. The actual DB field is a Date field (confirmed this personally), so I can see why the destination is a problem if the source is mysteriously created as a DateTime2 , even though the IdentityUser() Dob field is a Date as well. Theoretically, a Date field in IdentityUser() cannot pass on a DateTime2 to the DB.

Answer 1

I believe EF handles all the date types as datetime2. Changing the column type in SQL server to datetime2 should help. As of now, your only option is to change the datatype of your column to datetime2 in SQL Server, since EF does not have any hooks into parameter generation.

Answer 2

If we don't want to change the datatype of from datetime to datetime2 . because datetime to extend the 7 digit after last decimal.

check by below script. difference b/w datetime and datetime2.

select * from newdatetimetest ALTER TABLE newdatetimetest ALTER column mydatetime datetime2

select * from newdatetimetest ALTER TABLE newdatetimetest ALTER column mydatetime datetime

select * from newdatetimetest

You can implement the custom interceptor to change the entityframework datetime2 datatype convert into datetime.

we have successfully implemented and insert the record successfully.

find the reference form below link.

https://github.com/aspnet/EntityFramework6/issues/578

https://github.com/aspnet/EntityFramework6/pull/1147